Date: Mon, 27 Apr 2015 16:31:55 -0700
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: oss-security@...ts.openwall.com
CC: Marcus Meissner <meissner@...e.de>, xorg_security@...rg, cve-assign@...re.org
Subject: Re: CVE request: X server crash by client

On 04/24/15 08:00 AM, Marcus Meissner wrote:
> Hi,
>
> We got notified that the fix for CVE-2014-8092 introduced the possibility
> of a division by 0 when the "height" for the PutImage call is 0, leading
> to X server abort.
>
> https://bugzilla.novell.com/show_bug.cgi?id=928520
>
> This was already fixed in January in X git.
> http://cgit.freedesktop.org/xorg/xserver/commit/?id=dc777c346d5d452a53b13b917c45f6a1bad2f20b
>
> As this is a local denial of service, but might be triggerable by images with 0 height
> supplied externally, it might need a CVE.

Right - the ability of an already authenticated client to end the X session is
generally not considered a vulnerability in Xorg, since we provide intentional
mechanism to do so already, but doing so because an external data source (web
site, document file, etc.) provided a bad image could be.

--
	-Alan Coopersmith-              alan.coopersmith@...cle.com
	 X.Org Security Response Team - xorg-security@...ts.x.org
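The pattern behind this regression is a common one: a request-size check that guards against integer overflow by multiplying height by row length and then dividing back, which faults the moment height is zero. The following is an added illustration written for this thread, not code from the X server or from the commit linked above; the function and parameter names (putimage_size_ok, row_bytes, payload_bytes) are my own, and the 32-bit wrap behaviour it models is an assumption about the size arithmetic, not a description of the real ProcPutImage code.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical request-size validator modelled on the situation in the
 * thread: an image of `height` rows, each `row_bytes` long, must fit in
 * `payload_bytes` of request data. The multiply-then-divide test detects
 * a 32-bit wrap of height * row_bytes, but is only defined (and only
 * needed) when height != 0; a zero-height image simply has no payload.
 *
 * Returns 1 and stores the image size on success, 0 on rejection.
 */
int putimage_size_ok(uint32_t height, uint32_t row_bytes,
                     uint32_t payload_bytes, uint32_t *image_size)
{
    /* Product wraps modulo 2^32 on overflow; that is what the divide-back
     * test below is meant to catch. */
    uint32_t total = (uint32_t)(height * row_bytes);

    /* The guard `height != 0` is the whole fix: without it, a zero-height
     * request divides by zero and aborts the process. */
    if (height != 0 && total / height != row_bytes)
        return 0;               /* multiplication wrapped: reject */

    if (total > payload_bytes)
        return 0;               /* client sent less data than claimed */

    *image_size = total;
    return 1;
}

int main(void)
{
    uint32_t size;
    /* Constructed inputs: (height, row_bytes, payload_bytes) */
    struct { uint32_t h, r, p; } cases[] = {
        {0,       64,      0},      /* zero-height: accepted, size 0 */
        {2,      100,    300},      /* normal: accepted, size 200 */
        {4,      100,    300},      /* short payload: rejected */
        {0x10000, 0x10000, 4096},   /* product wraps to 0: rejected */
    };
    for (unsigned i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int ok = putimage_size_ok(cases[i].h, cases[i].r, cases[i].p, &size);
        printf("height=%u row_bytes=%u payload=%u -> %s\n",
               cases[i].h, cases[i].r, cases[i].p, ok ? "ok" : "rejected");
    }
    return 0;
}
```

The fourth case is the reason the divide-back test exists at all: 0x10000 * 0x10000 wraps to 0 in 32 bits, which would otherwise pass a naive `total <= payload_bytes` comparison. The first case is the regression this thread is about: with the `height != 0` guard removed, that call is a division by zero.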